Hardening Security

Metacloud deployments are hardened against vulnerability and infilitration to maintain a high level of security and control around sensitive files and data. Your Metacloud deployment is tailored to the specific needs of your environment, based on several important security concepts. Metacloud Support provides vulnerability detection, remediation, and patching on the Metacloud infrastructure, you should ensure that you have appropriate security measures in place for your network and endpoints that have access to Metacloud.

Platform Architecture

Metacloud uses control point nodes as the central components to provide high-availability functions for core components. In the event that one node fails, requests are transparently directed to an alternate controller.

Network Isolation

The Metacloud corporate VPN and the customer-facing VPN operate within a hardened and efficient (reduced footprint) Linux-based system. External access to the VPN is limited to a single exposed port (VPN protocol) and remote network sessions (Secure Shell [SSH]) are not allowed. The VPN is a hardened Linux system with no ports exposed other than those dedicated to VPN protocols.
The OpenVPN server requires both a certificate and two-factor authentication to connect. That certificate and the SSH keys held by the administrator are encrypted and are not shared for any other purposes.

Ports Exposed to Monitor the Cloud Environment

Access Method

Port

SSH

22

HTTPS

443

Agent

10050

Authorization and Role Management

The Metacloud platform uses preconfigured roles and assignments for all administrators, helping to ensure that these roles provide fine-grained authorization for specific actions and are defined to meet typical compliance or operational needs.

Communication Using the API

Metacloud services communicate using RESTful API calls. All API calls use a key management system to enforce signed, authorized API calls. API endpoints are protected from being flooded with API traffic with quotas and throttling mechanisms.